---
# Code generated by 'make generate-documentation'. DO NOT EDIT.
title: Gadget audit-seccomp
---

The Audit Seccomp gadget provides a stream of events with syscalls that had
their seccomp filters generating an audit log. An audit log can be generated in
one of those two conditions:

* The Seccomp profile has the flag SECCOMP_FILTER_FLAG_LOG (currently
  [unsupported by runc](https://github.com/opencontainers/runc/pull/3390)) and
  returns any action other than SECCOMP_RET_ALLOW.
* The Seccomp profile does not have the flag SECCOMP_FILTER_FLAG_LOG but
  returns SCMP_ACT_LOG or SCMP_ACT_KILL*.


### Example CR

```yaml
apiVersion: gadget.kinvolk.io/v1alpha1
kind: Trace
metadata:
  name: audit-seccomp
  namespace: gadget
spec:
  node: minikube
  gadget: audit-seccomp
  runMode: Manual
  outputMode: Stream
```

### Operations


#### start

Start audit seccomp

```bash
$ kubectl annotate -n gadget trace/audit-seccomp \
    gadget.kinvolk.io/operation=start
```
#### stop

Stop audit seccomp

```bash
$ kubectl annotate -n gadget trace/audit-seccomp \
    gadget.kinvolk.io/operation=stop
```

### Output Modes

* Stream
